Prioritized Virus Scanning of Files Based on File Size

1. A system, comprising: a processor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising: maintaining, in a directory, respective first softlinks of respective first files that have a size within a specified range, and that have been modified subsequent to a respective most-recent virus scan; and in response to determining to perform an antivirus scan on a group of files that comprises the first files, performing a first antivirus scan on the first files based on identifying the first softlinks in the directory, and after performing the first antivirus scan on the first files, performing a second antivirus scan on second files of the group of files that are not identified with respective second softlinks in the directory.

2. The system of claim 1, wherein the directory is a first directory, wherein determining to perform the antivirus scan comprises determining to perform the antivirus scan on a second directory, and wherein performing the second antivirus scan on the second files of the group of files comprises: identifying the second files based on performing tree-walk of the second directory.

3. The system of claim 2, wherein identifying the second files based on performing the tree-walk of the second directory comprises: refraining from including the first files in the identifying of the second files based on determining that respective first files of the first files have last been antivirus scanned more recently than they have last been modified.

4. The system of claim 1, wherein the determining that the respective first files of the first files have last been antivirus scanned more recently than they have last been modified is based on maintaining respective last-scanned times for the respective first files, and maintaining respective last-modified times for the respective first files.

5. The system of claim 1, wherein the operations further comprise: in response to determining that a file-close operation for a file has succeeded, and in response to determining that the file has a first size within the specified range, creating a softlink for the file in the directory.

6. The system of claim 5, wherein the file-close operation corresponds to closing the file after the file has been modified.

7. The system of claim 5, wherein the determining that the file-close operation for the file has succeeded is based on identifying a completion callback from a protocol driver that performed the file-close operation.

8. A method, comprising: effectuating, by a system comprising a processor, an antivirus scan on a first directory by effectuating a first antivirus scan on first files of the first directory based on identifying first softlinks in a second directory, wherein respective first softlinks of the first softlinks correspond to respective first files of a group of files in the first directory, and wherein respective file sizes of the respective first files are within a defined size range; and after effectuating the first antivirus scan on the first files, effectuating the antivirus scan on the first directory by effectuating a second antivirus scan on second files of the group of files in the first directory that are not identified with respective second softlinks in the second directory.

9. The method of claim 8, wherein effectuating the first antivirus scan on the first files of the first directory based on identifying the first softlinks in the second directory comprises: removing, by the system, respective members of the first softlinks based on scanning respective first files of the first files.

10. The method of claim 8, further comprising: in response to determining that a file-close operation for a file has succeeded, in response to determining that a file size of the file is outside of the defined size range, and in response to determining that a first softlink of the first softlinks corresponds to the file, removing, by the system, the first softlink from the second directory.

11. The method of claim 10, wherein the determining that the file size of the file is outside of the defined size range comprises: performing, by the system, a stats command regarding the file.

12. The method of claim 8, further comprising: in response to determining that a file-close operation for a file has succeeded, in response to determining that a file size of the file is outside of the defined size range, refraining from creating a softlink that corresponds to the file in the second directory.

13. The method of claim 8, further comprising: in response to determining to add a first softlink for a first file to the second directory, enqueuing, by the system, a work item to a message queue, wherein the work item identifies the first file.

14. The method of claim 8, wherein effectuating the second antivirus scan on the second files of the group of files in the first directory that are not identified with the respective second softlinks in the second directory comprises: tree-walking, by the system, the first directory to identify candidate files; and identifying, by the system, that a candidate file of the candidate files is a member of the second files based on the candidate file not having been scanned since the candidate file was modified.

15. A non-transitory computer-readable medium comprising instructions that, in response to execution, cause a system comprising a processor to perform operations, comprising: performing an antivirus scan on a first directory by performing a first antivirus scan on first files of the first directory based on identifying first softlinks in a second directory, wherein respective first softlinks of the first softlinks correspond to respective first files of the first files; and after performing the first antivirus scan on the first files, performing a second antivirus scan on second files in the first directory that are not identified with respective second softlinks in the second directory.

16. The non-transitory computer-readable medium of claim 15, wherein respective file sizes of the respective first files are within a defined size range.

17. The non-transitory computer-readable medium of claim 16, wherein the defined size range indicates a size below a threshold size value.

18. The non-transitory computer-readable medium of claim 16, wherein the operations further comprise: determining the defined size range based on receiving user input indicative of user size range data.

19. The non-transitory computer-readable medium of claim 18, wherein there is a default defined size range value for the defined size range, and wherein the operations further comprise: replacing the default defined size range value for the defined size range based on the user size range data.

20. The non-transitory computer-readable medium of claim 16, wherein the operations further comprise: determining the defined size range based on determining that the defined size range is associated with files that are infected with viruses.